informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/CUD/cud0204.txt

724 lines
37 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 2, Issue #2.04 (September 23, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith
USENET readers can currently receive CuD as alt.society.cu-digest.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. It is assumed that non-personal mail to the moderators may be
reprinted, unless otherwise specified. Readers are encouraged to submit
reasoned articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS:
File 1: Moderators' Corner
File 2: Re: Evidence (was Re: Musing on Constitutionality)
File 3: Why the FBI should be concerned about the Secret Service
File 4: California Computer Abuse Law revisited
File 5: Candidate for state governor supports electronic freedom & privacy
File 6: Review of Steven Levy's CLOAK AND DAGGER
File 7: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----------------------------------------------------------------------
********************************************************************
*** CuD #2.04, File 1 of 7: Moderator's corner ***
********************************************************************
Date: September 23, 1990
From: Moderators
Subject: Moderators' Corner
++++++++++
In this file:
1. CuD SURVEY
2. CuD FORMAT
3. LEN ROSE UPDATE
++++++++++++++++++
CuD Survey About Ready
++++++++++++++++++
Bob Krause has the survey of CuD readers about ready to send. The earlier
announcement of the survey received positive responses, so he will send it
out directly from his site. The purpose is to find out who the readership
is. The subscribers are overwhelmingly professional (computer scientists,
journalists, academics), with the rest divided up among students, law
enforcement or computer security, and the generally curious. The results
will remain in-house, although Bob intends to use some of the data for a
conference paper.
+++++++++++++++++++
CuD Format
+++++++++++++++++++
We have tried to format CuD in response to the various suggestions that
have come to us since we began. Since we moved to the current "standard"
format, we have received few suggestions and no complaints. Sometimes a
reality check is wise, so if you have suggestions, let us know. We
currently format at 75 characters per line, but reader who print it out
before reading may prefer 65 characters, our own preference. We are
wondering if there is any strong feeling on the format, one way or the
other.
++++++++++++++++++++++++
LEN ROSE UPDATE
++++++++++++++++++++++++
Len Rose's trial is still scheduled for February. His situation, however,
continues to cause problems. Although even by the least charitable
assessment his crimes are not serious, the publicity and that "taint" makes
it difficult for him to find employment, and he has no steady source of
income whatsoever. His problems are complicated by the seizure of his
possessions. He lost his equipment, and even if ultimately exonerated as
Craig Neidorf was, the financial burden makes it impossible to support his
wife and children. Strong arguments have been made in the past for hiring
people with competent computer skills, especially those who possess
expertise in the realm of computer security. Len has demonstrated his
competence in the past as a programmer and as a consultant, and his skills
would be an asset to any employer. CuD is not an employment bulletin, but
there are times when those seeking employment should have an alternative
forum to engage in their search, and we are willing to provide space on
occasion to put potential employers in contact with candidates.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
To: EFF-NEWS@NETSYS.COM
Subject: Re: Evidence (was Re: Musing on Constitutionality)
Date: 14 Sep 90 03:35:56 GMT
********************************************************************
*** CuD #2.04: File 2 of 7: From the Mailbag ***
********************************************************************
+++++++++++++++++++++++++++++
We received the following from one of the more interesting newsnets
around, and the author gave permission to reprint it.
++++++++++++++++++++++++++++++
I have always been amused at reading how the goons confiscate printers when
they move in. How silly! Yet it got me thinking...
If I were a computer criminal, I might just create a very special printer with
a bank of non-volatile storage in it. Or, for that matter, just buy one of
the modern printers you can get these days with 4 megs ram, etc.
I would use that storage, normally, to keep all the stolen access codes,
calling card numbers, and other incriminating data. Pretty easy, with the
high speed link I have to my printer, to fetch the codes from it.
(I would also have the machine erase stuff if disconnected improperly, keeping
backups somewhere far away.)
Or I could hide this info in little hidden places in all kinds of semi-smart
or smart peripherals -- including some off the shelf.
So if we fight (correctly) to stop them from confiscating everything, this may
drive the real criminals to such tricks, which may lead to grander
confiscation. I point this out -- I don't know if there's an answer.
(Author's name deleted by request)
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 22 Sep 90 04:02:57 GMT
From: Anonymous
Subject: Why the FBI should be concerned about the Secret Service
********************************************************************
*** CuD #2.04: File 3 of 7: The FBI and the Secret Service ***
********************************************************************
Rumors have it that the FBI is not very happy with the way the secret
service is conducting investigations. According to the rumors, the FBI
thinks it's hampering their own investigations and making it more difficult
to go prosecute big time criminals. Here's the gist of the arguments.
PROFESSIONALISM: When the FBI was investigating the nuPrometheus
League's alleged involvement in theft and distribution of Apple Software,
the people they visited had very different experiences than those the
secret service visited. The FBI was, so it's said, was polite, courteous,
and generally professional. They didn't try to act like they knew more than
they did, and they didn't try to intimidate those they questioned. In a
case related to Sun Devil, an FBI agent stopped by to just chat and
discussed some of the tactics used by the secret service and didn't seem at
all happy about either their methods or their competence. If one agency
isn't professional, it makes people less willing to cooperate with members
of other agencies when they come around.
JURISDICTION: The FBI and secret service have jurisdiction over computer
crimes under the 1986 federal law outline computer crimes. The FBI
generally investigates crimes involving break-ins at government offices or
military installations, or in which the government is the target. The
secret service is involved with investigating crimes involving access
devices, which generally means crimes employing a modem to get into other
computers or rip-off telecom companies. There may be a jurisdictional fight
going on, and the secret service may be trying to expand the scope of its
activities. If successful, it means more visibility, more appropriations,
more staff, and more glory. This might explain why there was so much
initial publicity over the hacker busts this year and why they are go after
relatively easy targets.
RIGHTS: The FBI probably has far more experience in the subtleties of
questioning than the secret service, and they are more likely to know the
limits of what they can and can't do. The secret service, by contrast, has
relatively young agents doing the investigation, and some of those
responsible for the Sun Devil investigation who were in the field doing the
searches are said to have as little as two or three years total experience
and little field experience. Lacking an experienced agent-in-charge, it's
more likely that rights will be violated by young agents who simply don't
know any better. Most people don't distinguish between FBI and secret
service, so if rights are violated all government agencies are tainted. The
FBI has been criticized in the past for violation the rights of political
groups in the 1960s and the 1970s, and has been caught violating the rights
of groups sympathetic to Latin American countries the Reagan administration
opposed in the 1980s. They don't need the aggravation of another agency
renewing the issues of constitutional rights and further limiting the scope
of their power to investigate.
BACKLASH: If a backlash occurs against the secret service, the FBI will
also feel it. If restrictions are placed on what agencies are allowed to
do as a response to abuses, the FBI would itself become a victim of the
secret service because of new laws and policies that restrict their powers.
A backlash could also result in negative publicity that would reduce the
dangers of serious computer crime by creating a "cry wolf" scenario in
which so many non-threats were publicized that real threats would go
unheeded. A final consequence of backlash could be reduction in
appropriations for combating technological crimes. How can any agency
expect to present a convincing argument that there are dangerous computer
crooks out there when the experience with the secret service has an image
of focusing on juvenile delinquents who abuse credit cards or is involved
in publicized trials where the defendant has the charges dropped during a
prosecutor's arguments?
It's one thing for the secret service to wind up with egg on its face, but
when they splatter other enforcement agencies and tarnish them as well it
doesn't help those agencies. There are many sincere government agents who
respect the law and individuals' rights. Let's keep in mind that, although
prohibited from speaking out publicly, those agents and their agencies,
whether investigators or other federal prosecutors, should be seen as
upholders of law and not violators of it.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 19 September, 1990
From: Moderators
Subject: California Computer Abuse Law revisited
********************************************************************
*** CuD #2.04: File 4 of 7: California Computer Abuse Law ***
********************************************************************
In a previous issue of Computer underground Digest (1.17, File 5), the
California revision of Title 13 Sections 502 and 502.7 was described as an
example of the potential dangers in "cracking down" on computer hackers.
Upper case indicates emphasis that we have added.
Title 13 Sect. 502.7:
"(a) A person who, knowingly, willfully, and with intent to
defraud a person providing telephone or telegraph service,
avoids or attempts to avoid, OR AIDS ABETS OR CAUSES ANOTHER
TO AVOID the lawful charge, in whole or in part, for
telephone or telegraph service by any of the following means
is guilty of a misdemeanor or a felony, as provided in
subdivision (f):"
There follows a list of proscribed means, including charging to
non-existence credit cards and tampering with telecom facilities, most of
which seem reasonable. One, however, strikes us as potentially dangerous.
502.7 (b) states:
"Any person who MAKES, POSSESSES, SELLS, GIVES, OR OTHERWISE
TRANSFERS TO ANOTHER, OR OFFERS OR ADVERTISES ANY
INSTRUMENT, APPARATUS, OR DEVICE WITH INTENT TO USE IT or
with knowledge or reason to believe it is intended to be
used to avoid any lawful telephone or telegraph toll charge
or to conceal the existence or place of origin of
destination of any telephone or telegraph message; or (2)
sells, gives, or otherwise transfers to another, or
advertises plans or instruments for making or assemblying an
instrument, apparatus, or device described in paragraph (1)
of this subdivision with knowledge or reason to believe that
they MAY BE %emphasis added% used to make or assemble the
instrument, apparatus, or device is guilty of a
misdemeanor or a felony, as provided in subdivision (f)."
The broad wording of this laws would make it illegal to possess information
on "boxing" or to possess an autodialer. The problematic language here is
"with knowledge or reason to believe it is intended to avoid. . .". We have
seen from Operation Sun Devil that, contrary to normal Constitutional
procedures, the burden of proof of innocence lies on the "suspect." A BBS
operator who puts boxing files in a text section, knowing that some users
might try to apply the knowledge illegally, could, under the current
philosophy of the Secret Service and others, be indicted. This may seen a
remote possibility, but we have seen from recent activity that we simply
cannot rely on good faith interpretations of the law by some prosecutors,
especially those willing to distort "evidence" to strengthen a case.
Further, the term "may be" is unnecessarily vague. Generally, the term
means "expressing ability, permission, freedom, possibility, contingency,
chance, competence..." (Chambers 20th Century Dictionary, 1972: p. 811). An
automobile dealer presumably knows that a customer "may" use a car in the
commission of a crime, or "may" drive the car while intoxicated. Yet, it is
absurd to consider holding the dealer criminally liable for the sale in the
event the customer "may" be able to do so. Our point is that the language
of this Bill seems unnecessarily restrictive and open to potential abuses
by law enforcement agents, especially those willing to seek "test cases" to
test the laws. Californians should write their legislators with their
concerns in hopes that the language would be revised in a way that allows
legitimate targeting of "real" computer criminals, but reduces the
potential for using the law to persecute those for whom less stringent and
more productive responses are appropriate.
Just as chilling is subdivision (g) of this passage. The language
in (g) specifies:
Any instrument, apparatus, device, plans, instructions, or
written publication described in subdivision (b) or (c) may
be seized under warrant or incident to a lawful arrest, and,
upon the conviction of a person for a violation of
subdivision (a), (b), or (c), the instrument, apparatus,
device, plans, instructions, or written publication may be
destroyed as contraband by the sheriff of the county in
which the person was convicted or turned over to the person
providing telephone or telegraph service in the territory in
which it was seized.
This section seems reasonable to the extent that it specifies confiscation of
an illegal "instrument" upon conviction. The problem, however, is the
apparent tendency in some states to seize equipment even when indictments are
not forthcoming. The wording would seem to offer incentives to agents to
secure an arrest as a means to confiscate equipment, even if charges were
subsequently dropped. Again, this may seem far-fetched, but the undeveloped
state of computer law and the actions of prosecutors in early 1990 leave
little room for confidence in good faith interpretation of the wording. Take
an example: If a person were to be indicted for posession of an auto-dialer
(which generally has but one purpose) pursuant to a search warrant for
unrelated reasons, computer equipment could be confiscated. We have seen from
the actions of agents that the definition of "equipment" is quite broad, and
can include printers, modems, answering machines, or even books and pictures.
If the person is convicted of possession, then the equipment could be lost.
Again, "common sense," that sixth sense that tells us the world is flat, would
tell us that such a possibility seems absurd. However, the zealousness of Sun
Devil agents reduces the absurdity to the level of a "could be," and it is
because of their actions that we are concerned with this wording.
Title 13, Sect 502 (h) provides that:
Any computer, computer system, computer network, or any
software or data, owned by the defendant, which is used
during the commission of any public offense described in
this section any computer, owned by the defendant, which is
used as a repository for the storage of software or data
illegally obtained in violation of this section shall
be subject to forfeiture.
The chilling aspect of this passage is that is says nothing about
conviction. Does "subject to forfeiture" mean that, even if found innocent,
one could lose their equipment? A good faith reading suggests that the
intent of the language at least implies that a conviction must occur. But,
in reading the indictments of Craig Neidorf and Len Rose (neither from
California), we should be cautious before assuming that prosecutors will
not resort to creative interpretations to file an indictment. We should
also be aware that at least one California prosecutor has published
statements advocating an aggressive enforcement policy against "hackers"
and has advocated responses that he acknowledges are probably
unconstitutional.
Given the broad interpretation of the law, and considering how companies
such as BellSouth have grossly inflated the value of products (such as in
the Neidorf case, in which information available for $13 was valued,
according to the first indictment, at $79,449, and in the second indictment
reduced to $23,900). Given their public statements in the media and the
hyperbole of indictments, we cannot assume "good faith" prosecution by law
enforcement, and the language of the California Act seems wide open for
abuse.
Our purpose is not simply to criticize this law, but to use it as an icon
for other state and federal law. Some states are revising their laws, and
it is crucial that computerists be aware of, and offer input into, their
wording to assure that legitimate enforcement needs are met and potential
for abuse or misuse removed. There must be a balance, and without public
input such a balance is unlikely. We find Jim Warren's article (File 5,
following) significant. It suggests that computerists introduce this as an
issue in political campaigns as a means of educating both the public and
the politicians.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: Wed, 19 Sep 90 15:23:16 pdt
From: well!jwarren@APPLE.COM(Jim Warren)
Subject: Candidate for state governor supports electronic freedom & privacy
********************************************************************
*** CuD #2.04: File 5 of 7: Legal Changes / Electoral Processes ***
********************************************************************
[Please post & circulate]
+++++++++++++++++++++++++++++++++++++
GUBERNATORIAL CANDIDATE SUPPORTS ELECTRONIC FREEDOM & PRIVACY
Folks, we have a good chance of having a **State Governor** who
(a) understands and favors technology, and -- more important --
(b) has signed and released the following statement (I just received a
signed, dated copy by fax; I will fax it to anyone who requests it).
-- Jim Warren, 9/16/90 [jwarren@well.sf.ca.us, or 415-851-7075/voice]
+++++++++++++++++++++++++++++++++++++++++++
STATEMENT BY JIM GALLAWAY, CANDIDATE FOR GOVERNOR OF NEVADA
I am the Republican candidate for Governor of the State of Nevada. I have
been in the private telecomm industry for most of 20 years, and have been a
principal in several telecomm and computer start-ups. I understand,
support, and have practiced technological innovation.
My wife and I have known Jim Warren for well over a decade. He has
outlined some of the current issues about which owners and users of systems
for e-mail, BBS, teleconferencing, electronic publishing and personal
computing are deeply concerned.
These are my positions, relative to some of the recent law enforcement
practices by some government agents:
1. Government responses to alleged misdemeanors and crimes must be no more
than comparable to the seriousness of the wrong-doings.
2. Simple electronic trespass without harm must be treated as any other
simple trespass. It does not justify armed raids on teenagers, forced
entry of private homes, nor seizure of telephone handsets, answering
machines, computer printers, published documentation, audio tapes and the
like.
3. The notion that equipment can be "arrested" and held inaccessible to
its owner, without promptly charging the owner with a crime, is absolutely
unacceptable. The practice of holding seized equipment and data for months
or years is a serious penalty that must be imposed only by a court of law
and only after a fair and public hearing and judicial finding of guilt.
4. Teleconferencing and BBS systems must have the same protections against
suppression, prior restraint, search or seizure as do newspapers, printing
presses and public meeting places.
5. The contents of electronic-mail and of confidential or closed
teleconferencing exchanges must have the same protections against
surveillance or seizure as does First Class Mail in a U.S. Post Office, and
private discussions among a group in a home or boardroom.
As Governor of the State of Nevada I will vigorously support all of these
positions -- both statewide and nationally.
/s/ Jim Gallaway, candidate for the Governor of Nevada [dated] 9/16/90
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 22 September, 1990
From: Gordon Meyer
Subject: Review of Steven Levy's CLOAK AND DAGGER
********************************************************************
*** CuD #2.04: File 6 of 7: Review of Levy's Cloak and Dagger ***
********************************************************************
CuD Synopsis
"Code and Dagger"
by Steven Levy
The Iconoclast, MacWorld 9/90 p69-80
Summary by Gordon Meyer
------------------------
In the spring of 1988 a group using the name "The nuPrometheus League
(Software Artists for Information Dissemination)" mailed unmarked
computer disks to several prominent computer industry journalists and
authors. These disks contained Apple Computer source code to the Color
Quick Draw routines used in the Macintosh operating system.
One year later the author, Steven Levy, reports that he recently received
a series of phone calls from an FBI agent investigating the case. Levy's
column ("The Iconoclast") in the September 1990 issue of MacWorld paints
an interesting story about the investigation, much of it mirroring the
issues raised by the Secret Service's "Operation Sun devil" and other
computer crime investigations.
In his article Levy tells of the Agent repeatedly questioning him about
nuPrometheus, despite Levy's denials of have any real knowledge of the
matter. The agent appeared to be reading the questions of a list,
without any real understanding of the answers he was receiving. Two
weeks later Levy received a call from a different agent and when this
agent was queried how he came to be questioning the author the reply was
"Somehow your name came up". When asked why the FBI was pursuing the
case one year later, despite the fact that no other nuPrometheus activity
had occurred since the original incident, the answer was that this was a
significant case of Interstate Transportation of Stolen Property and could
be equated with the theft of a national secret. For, the agent
explained, if a spy were to come by this code he could use to break into
the Macintosh computer and steal the secrets within!
Levy reports that others have been interviewed in conjunction with the
case as well. One, Mitch Kapor, described his interview as being almost
surrealistic and profoundly disturbing. Levy quotes Kapor as saying:
"It seemed obvious to me they didn't have a clear sense of the
technology - there was such a lack of understanding that the effort
to investigate wouldn't bear fruit. They were lost in cyberspace."
Others who were interviewed report similar experiences. John Perry
Barlow was told that the annual Hacker's Conference (a yearly meeting of
highly-skilled computer programmers) was actually a gathering of computer
outlaws. Grady Ward, a former Apple programmer, was told that the stolen
source codes was filtering back to Communist enemies (via Toshiba
electronics).
Levy, attempting to tip the scales of discourse back towards more
rational thought, writes:
"That (the claim that this is a case of interstate theft) may be the
legal charge, but the theft of source code involved in nuPrometheus
is quite a different matter from hijacking a truck or robbing a
bank. Software is a much trickier object than swag or money - it
can move in elusive ways, and therefore access to protected software
is a technically complicated matter. And the problem of the
criminal's motive requires an even deeper understanding. In order
to understand and ultimately apprehend the perpetrator, one must
realize that this particular crime seems motivated not by greed or
maliciousness, but by a peculiar attitude toward technology in
general and the role of Apply Computer in particular." ... "One has
to feel some sympathy for the agents here - it's a terrible burden to
have to solve this rather bizarre ideological crime without being
steeped in the lore of Silicon Valley." (p.74)
CuD readers will immediately recognize the similarities between this
investigation and those associated with Operation sun devil. In both
instances the investigators have constructed a list of suspects based
on associations with "suspected hackers" and have defined cultural and
socially normative activities as "conspiratorial" or "criminal" without
regard for other, less accusatory, interpretations that could apply.
The nuPrometheus investigation has resulted, thus far, in at least three
people being directly accused of the crime, but (like in the sun devil
cases) no formal charges have been filed. One suspect, Grady Ward, was
told by an agent "we know you did it" and is evidently considered a
suspect because he's one of five likeliest Apple employees that had
requested access to the source code shortly before it fell into the hands
of nuPrometheus. The feds consider him a suspect because "He had since
left Apple, he had attended a liberal arts college, and had once formed
an intellectual society called Cincinnatus, thus betraying the same
fondness for antiquity shown by the name nuPrometheus." (p.76) Ward
admits having had the source code at one time, but it was part of his job
to have it, and besides, he says, it was distributed to hundreds of
people in the project group via Internet.
In his article Levy poses several questions concerning this
investigation. One of which, he says, is why the FBI is spending it's
resources to follow this case rather than chasing the white-collar
thieves who sacked the country for a trillion dollars in the
Savings-and-Loan fiasco. After all, he notes, Apple has managed to stay
in business despite the theft of the code, and nuPrometheus has not
followed up on their promise to release other inside information. Levy
goes on to suggest that some in Silicon Valley believe that Apple,
perhaps via it's security firm (Kroll Associates, believed to have a
number of former federal agents on staff), has pressured the FBI into
pursuing the case. Again, this sounds quite similar to the "Phrack -
E911" case where it has been conjectured that Bell South persuaded the
Government to pursue a case that could not be won.
Levy concludes by suggesting that we may not have heard the least of the
nuPrometheus investigation. Stephen Satchell, a computer writer in Reno,
told Levy that the FBI agent who interviewed him had a list of potential
interviewees that numbered around 60 people, in 39 states. Levy leaves
us with one final question. "... when does an investigation become a
witch-hunt?" It's a question that CU followers have heard before.
---------
GRM
Internet: 72307.1502@Compuserve.com
Moderators Note: CuD-ites are encouraged to see Levy's full article in
MacWorld. Like his work _Hackers_, Mr. Levy consistently produces
entertaining and thought-provoking articles.
END
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 23 September, 1990
From: Various Contributors
Subject: The CU in the News
********************************************************************
*** CuD #2.04: File 7 of 7: The CU in the News ***
********************************************************************
"Justice Department Computer Security Questioned"
The General Accounting Office (GAO) has issued a report criticizing the
Justice Department (DOJ) for failing to have a management system in place
to secure its highly sensitive computer systems and has concluded that
classified files were at risk. The report concludes that immediate action
is required to correct security weaknesses at the main Justice Department
data center and in computer systems used by DOJ litigating organizations.
The report found several security weaknesses at DOJ's new data center in
Rockville, MD, a site leased by DOJ from Control Data Corp. for 17 years.
According to GAO, there are "numerous uncontrolled entrances...through
which individuals could easily remove sensitive data." In addition, the
report is critical of DOJ's lack of contingency plans for emergencies at
the center and has not conducted a complete risk assessment that takes into
account possible adverse actions by disgruntled employees.
Copies of the report, entitled "Justice Automation: Tighter Computer
Security Needed" may be obtainable from the GAO (202/225-6241). The report
is GAO/IMTEC-90-69 and is dated July 30, 1990.
------------------------------
TRENTON, N.J. (UPI) -- Assembly Speaker Joseph Doria said Monday he was
concerned by news that an alleged Republican break-in of Democratic
computer files took place with the knowledge of the GOP's highest-ranking
staff member.
Doria, D-Hudson, said he had instructed all Assembly members and staff with
knowledge of the %%hacking'' incident to turn their information over to
Attorney General Robert Del Tufo, who is investigating the repeated
break-ins.
John Kohler, executive director of the GOP Assembly staff, resigned Friday
admitting he had been aware of the activities of Jeffrey Land, a low-level
staffer who reportedly broke into Democrats' files in the legislative
computer system and discovered that Democrats had used the state-owned
computer for political work.
State law bars use of state equipment for political work or doing political
work on state time.
Previous to Kohler's resignation, however, top lawmakers had dismissed the
break-ins as a computer hacker's prank.
------------------------------
"Think that Computer Message you just sent was Secret? Think Again"
By Bart Ziegler
Associated Press
+++++++++++++++++
NEW YORK -- Next time you push that button on your computer to send a
co-worker a racy electronic mail message about the boss, think twice.
Someone may be reading your mail. Every day, millions of computer users
send electronic messages to fellow employees, supervisors, clients and
friends. Many assume these computer-to-computer electronic mail systems --
the postal system of the Information Age -- are confidential. But a recent
lawsuit challenges that notion. The class action contends a California
company spied on employees for months by monitoring thousands of their
electronic messages. The lawsuit, filed last month by several employees
again Epson America Inc. of Torrance, Calif., claims the company's
computer operations manager made printed copies of electronic mail sent and
received by 700 Epson workers. The suit claims such snooping violates a
state wiretap law. Epson, a Japanese-owned company that sells personal
computers, calls the lawsuit unfounded. "It is clearly not the policy of
Epson to indiscriminately read electronic mail," said spokesman Scot
Edwards. He declined to comment on the suit's specific allegations. The
lawsuit is an example of a growing privacy debate surrounding "E-mail,"
which has mushroomed in popularity during the past decade with the growth
in personal computers. Among other cases:
o The mayor of Colorado Springs, Colo., caused a stir this year when
it was discovered he had been reading printouts of electronic messages that
City Council members had sent each other in confidence.
o The Iran-Contra affair unraveled partly because investigators
discovered electronic messages sent by L. Col. Oliver North and supporters.
The North team didn't realize that every message was stored on computer
tape.
Computer experts say some E-mail systems automatically destroy electronic
messages once they are read. Others keep a copy. But even systems that
erase old messages aren't safe from snoops. In most systems, computer room
operators can rea messages that haven't yet been opened by recipients, said
Mike Zisman, president of SoftSwitch Inc., a Wayne, Pa., company that helps
corporations link E-mail systems. "When you send a message, most people
think it's as private as sending it through the U.S. Postal System. But in
some companies it can be as private as writing it on the bathroom wall,"
said David Atlas, an E-Mail analyst at International Data Corp., a research
firm. Atlas said he knows of another suit similar to the Epson class
action, as well as employees at two other companies who are considering
their own lawsuits, but he declined to identify them. Few employers have
explicit policies on the use and privacy of E-Mail, said Walter Ulrich, an
office automation specialist at the consulting firm Arthur D. Little Inc.
"That's an area where companies should give guidance to employees," said
Ulrich, who estimates that there are 10 million E-Mail users in North
America. Ulrich recommended companies state they will not snoop in E-Mail
systems unless they believe users are using them illegally or abusively.
But he doesn't think companies should be barred outright from reading
E-Mail, since the companies own the systems.
The American Civil Liberties Union takes a stronger stance. It believes
federal privacy safeguards are needed to prevent employers from
eavesdropping on employees' personal affairs that happen to be contained in
computer files.
"There's virtually no law that would stop any employer from systematically
reading al of the computerized information of any of their employees," said
Lewis Maltby, coordinator of the ACLU's National Task Force on Civil
Liberties in the World Place.
Federal laws that bar wiretapping don't apply to computer systems, Maltby
said.
********************************************************************
------------------------------
**END OF CuD #2.04**
********************************************************************

Reference in New Issue View Git Blame Copy Permalink